package org.apache.jetspeed.om.page.psml;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.apache.jetspeed.om.common.SecurityConstraint;
import org.apache.jetspeed.om.common.SecurityConstraints;
import org.apache.jetspeed.om.page.PageSecurity;
import org.apache.jetspeed.om.page.SecurityConstraintImpl;
import org.apache.jetspeed.om.page.SecurityConstraintsRefExpression;
import org.apache.jetspeed.om.page.SecurityConstraintsRefParser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:tomcat-portal.zip:webapps/jetspeed/WEB-INF/lib/jetspeed-page-manager-2.3.0.jar:org/apache/jetspeed/om/page/psml/SecurityConstraintsImpl.class */
public class SecurityConstraintsImpl implements SecurityConstraints {
    private static final Logger log = LoggerFactory.getLogger(SecurityConstraintsImpl.class);
    private String owner;
    private List<SecurityConstraint> constraints;
    private List<String> constraintsRefs;
    private List<Object> allConstraints;

    @Override // org.apache.jetspeed.om.common.SecurityConstraints
    public String getOwner() {
        return this.owner;
    }

    @Override // org.apache.jetspeed.om.common.SecurityConstraints
    public void setOwner(String str) {
        this.owner = str;
    }

    @Override // org.apache.jetspeed.om.common.SecurityConstraints
    public List<SecurityConstraint> getSecurityConstraints() {
        if (this.constraints == null) {
            this.constraints = Collections.synchronizedList(new ArrayList());
        }
        return this.constraints;
    }

    @Override // org.apache.jetspeed.om.common.SecurityConstraints
    public void setSecurityConstraints(List<SecurityConstraint> list) {
        this.constraints = list;
    }

    @Override // org.apache.jetspeed.om.common.SecurityConstraints
    public List<String> getSecurityConstraintsRefs() {
        if (this.constraintsRefs == null) {
            this.constraintsRefs = Collections.synchronizedList(new ArrayList());
        }
        return this.constraintsRefs;
    }

    @Override // org.apache.jetspeed.om.common.SecurityConstraints
    public void setSecurityConstraintsRefs(List<String> list) {
        this.constraintsRefs = list;
    }

    @Override // org.apache.jetspeed.om.common.SecurityConstraints
    public boolean isEmpty() {
        return this.owner == null && this.constraints == null && this.constraintsRefs == null;
    }

    public void checkConstraints(List<String> list, List<String> list2, List<String> list3, List<String> list4, PageSecurity pageSecurity) throws SecurityException {
        if (this.owner == null || list2 == null || !list2.contains(this.owner)) {
            try {
                List<Object> allSecurityConstraints = getAllSecurityConstraints(pageSecurity);
                if (allSecurityConstraints != null && !allSecurityConstraints.isEmpty()) {
                    for (String str : list) {
                        boolean z = false;
                        boolean z2 = false;
                        boolean z3 = getOwner() != null;
                        Iterator<Object> it = allSecurityConstraints.iterator();
                        while (true) {
                            if (!it.hasNext()) {
                                break;
                            }
                            Object next = it.next();
                            if (next instanceof SecurityConstraintImpl) {
                                SecurityConstraintImpl securityConstraintImpl = (SecurityConstraintImpl) next;
                                if (securityConstraintImpl.getPermissions() != null) {
                                    z3 = true;
                                    if (securityConstraintImpl.actionMatch(str) && securityConstraintImpl.principalsMatch(list2, list3, list4, true)) {
                                        z = true;
                                        break;
                                    }
                                } else if (securityConstraintImpl.principalsMatch(list2, list3, list4, false)) {
                                    z2 = true;
                                    break;
                                }
                            } else if (next instanceof SecurityConstraintsRefExpression) {
                                z3 = true;
                                if (((SecurityConstraintsRefExpression) next).checkExpression(str, list2, list3, list4)) {
                                    z = true;
                                    break;
                                }
                            } else {
                                continue;
                            }
                        }
                        if ((!z && z3) || z2) {
                            throw new SecurityException("SecurityConstraintsImpl.checkConstraints(): Access for " + str + " not permitted.");
                        }
                    }
                } else if (getOwner() != null && !list.isEmpty()) {
                    throw new SecurityException("SecurityConstraintsImpl.checkConstraints(): Access for " + list.get(0) + " not permitted, (not owner).");
                }
            } catch (SecurityException e) {
                throw e;
            } catch (Exception e2) {
                if (log.isDebugEnabled()) {
                    log.error("Security constraints check exception: " + e2, (Throwable) e2);
                } else {
                    log.error("Security constraints check exception: " + e2);
                }
                throw new SecurityException("SecurityConstraintsImpl.checkConstraints(): Exception detected: " + e2);
            }
        }
    }

    private synchronized List<Object> getAllSecurityConstraints(PageSecurity pageSecurity) {
        List<String> globalSecurityConstraintsRefs;
        List<Object> dereferenceSecurityConstraintsRefs;
        List<Object> dereferenceSecurityConstraintsRefs2;
        if (this.allConstraints != null) {
            return this.allConstraints;
        }
        ArrayList arrayList = new ArrayList();
        if (this.constraints != null) {
            arrayList.addAll(this.constraints);
        }
        if (this.constraintsRefs != null && !this.constraintsRefs.isEmpty() && (dereferenceSecurityConstraintsRefs2 = dereferenceSecurityConstraintsRefs(this.constraintsRefs, pageSecurity)) != null) {
            arrayList.addAll(dereferenceSecurityConstraintsRefs2);
        }
        if (pageSecurity != null && (globalSecurityConstraintsRefs = pageSecurity.getGlobalSecurityConstraintsRefs()) != null && !globalSecurityConstraintsRefs.isEmpty() && (dereferenceSecurityConstraintsRefs = dereferenceSecurityConstraintsRefs(globalSecurityConstraintsRefs, pageSecurity)) != null) {
            arrayList.addAll(dereferenceSecurityConstraintsRefs);
        }
        this.allConstraints = arrayList;
        return arrayList;
    }

    private List<Object> dereferenceSecurityConstraintsRefs(List<String> list, PageSecurity pageSecurity) {
        ArrayList arrayList = null;
        if (pageSecurity == null) {
            throw new RuntimeException("Page security definitions not available");
        }
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            Object parse = SecurityConstraintsRefParser.parse(it.next(), pageSecurity);
            if (parse instanceof List) {
                List list2 = (List) parse;
                if (arrayList == null) {
                    arrayList = new ArrayList();
                }
                arrayList.addAll(list2);
            } else if (parse instanceof SecurityConstraintsRefExpression) {
                if (arrayList == null) {
                    arrayList = new ArrayList();
                }
                arrayList.add(parse);
            } else if (parse != null) {
                throw new RuntimeException("Unexpected security constraints ref parser result");
            }
        }
        return arrayList;
    }
}
